Sponsored By

10 Best Practices For Meeting SOX Security Requirements

Sarbanes-Oxley regulations remain one of security's biggest drivers in public companies. Here are some tips on how to keep your organization in compliance

Dark Reading Staff

December 15, 2011

1 Min Read

[Excerpted from "Security Via SOX Compliance," a new, free report posted this week on Dark Reading's Compliance Tech Center.]

Achieving compliance with Sarbanes-Oxley requirements remains a chief chore for all publicly traded companies—and a chief budget driver for IT compliance and security initiatives. Yet SOX’s computer security requirements remain vague, and auditors’ evaluations continue to be subjective.

IT managers often think of SOX as a technology mandate, but it is primarily an accounting and financial reporting mandate. Nowhere in the Sarbanes-Oxley Act will you see a reference to encryption, network security, password complexity or logging capabilities. Indeed, a SOX compliance effort should be driven by the business side, with IT playing the role of key facilitator.

So how do you approach compliance purely from an IT perspective? To pass a SOX audit, your company must implement security best practices for any system that touches anything and everything related to financial reporting and accounting systems. To achieve that goal, there are several elements you must put in place.

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights